com.google.cloud.iam.credentials.v1

Class GenerateIdentityBindingAccessTokenRequest.Builder

java.lang.Object

com.google.protobuf.AbstractMessageLite.Builder

com.google.protobuf.AbstractMessage.Builder<BuilderType>

com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

com.google.cloud.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest.Builder

All Implemented Interfaces:

GenerateIdentityBindingAccessTokenRequestOrBuilder, com.google.protobuf.Message.Builder, com.google.protobuf.MessageLite.Builder, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Cloneable

Enclosing class:

GenerateIdentityBindingAccessTokenRequest

public static final class GenerateIdentityBindingAccessTokenRequest.Builder
extends com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>
implements GenerateIdentityBindingAccessTokenRequestOrBuilder

Protobuf type google.iam.credentials.v1.GenerateIdentityBindingAccessTokenRequest

Method Summary

Modifier and Type	Method and Description
GenerateIdentityBindingAccessTokenRequest.Builder	addAllScope(Iterable<String> values) Code to identify the scopes to be included in the OAuth 2.0 access token.
GenerateIdentityBindingAccessTokenRequest.Builder	addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
GenerateIdentityBindingAccessTokenRequest.Builder	addScope(String value) Code to identify the scopes to be included in the OAuth 2.0 access token.
GenerateIdentityBindingAccessTokenRequest.Builder	addScopeBytes(com.google.protobuf.ByteString value) Code to identify the scopes to be included in the OAuth 2.0 access token.
GenerateIdentityBindingAccessTokenRequest	build()
GenerateIdentityBindingAccessTokenRequest	buildPartial()
GenerateIdentityBindingAccessTokenRequest.Builder	clear()
GenerateIdentityBindingAccessTokenRequest.Builder	clearField(com.google.protobuf.Descriptors.FieldDescriptor field)
GenerateIdentityBindingAccessTokenRequest.Builder	clearJwt() Required.
GenerateIdentityBindingAccessTokenRequest.Builder	clearName() The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
GenerateIdentityBindingAccessTokenRequest.Builder	clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)
GenerateIdentityBindingAccessTokenRequest.Builder	clearScope() Code to identify the scopes to be included in the OAuth 2.0 access token.
GenerateIdentityBindingAccessTokenRequest.Builder	clone()
GenerateIdentityBindingAccessTokenRequest	getDefaultInstanceForType()
static com.google.protobuf.Descriptors.Descriptor	getDescriptor()
com.google.protobuf.Descriptors.Descriptor	getDescriptorForType()
String	getJwt() Required.
com.google.protobuf.ByteString	getJwtBytes() Required.
String	getName() The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
com.google.protobuf.ByteString	getNameBytes() The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
String	getScope(int index) Code to identify the scopes to be included in the OAuth 2.0 access token.
com.google.protobuf.ByteString	getScopeBytes(int index) Code to identify the scopes to be included in the OAuth 2.0 access token.
int	getScopeCount() Code to identify the scopes to be included in the OAuth 2.0 access token.
com.google.protobuf.ProtocolStringList	getScopeList() Code to identify the scopes to be included in the OAuth 2.0 access token.
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable	internalGetFieldAccessorTable()
boolean	isInitialized()
GenerateIdentityBindingAccessTokenRequest.Builder	mergeFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry)
GenerateIdentityBindingAccessTokenRequest.Builder	mergeFrom(GenerateIdentityBindingAccessTokenRequest other)
GenerateIdentityBindingAccessTokenRequest.Builder	mergeFrom(com.google.protobuf.Message other)
GenerateIdentityBindingAccessTokenRequest.Builder	mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)
GenerateIdentityBindingAccessTokenRequest.Builder	setField(com.google.protobuf.Descriptors.FieldDescriptor field, Object value)
GenerateIdentityBindingAccessTokenRequest.Builder	setJwt(String value) Required.
GenerateIdentityBindingAccessTokenRequest.Builder	setJwtBytes(com.google.protobuf.ByteString value) Required.
GenerateIdentityBindingAccessTokenRequest.Builder	setName(String value) The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
GenerateIdentityBindingAccessTokenRequest.Builder	setNameBytes(com.google.protobuf.ByteString value) The resource name of the service account for which the credentials are requested, in the following format: `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
GenerateIdentityBindingAccessTokenRequest.Builder	setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field, int index, Object value)
GenerateIdentityBindingAccessTokenRequest.Builder	setScope(int index, String value) Code to identify the scopes to be included in the OAuth 2.0 access token.
GenerateIdentityBindingAccessTokenRequest.Builder	setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Methods inherited from class com.google.protobuf.GeneratedMessageV3.Builder

getAllFields, getField, getFieldBuilder, getOneofFieldDescriptor, getParentForChildren, getRepeatedField, getRepeatedFieldBuilder, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMutableMapField, isClean, markClean, newBuilderForField, onBuilt, onChanged, setUnknownFieldsProto3

Methods inherited from class com.google.protobuf.AbstractMessage.Builder

findInitializationErrors, getInitializationErrorString, internalMergeFrom, mergeDelimitedFrom, mergeDelimitedFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, mergeFrom, newUninitializedMessageException, toString

Methods inherited from class com.google.protobuf.AbstractMessageLite.Builder

addAll, addAll, mergeFrom, newUninitializedMessageException

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface com.google.protobuf.MessageOrBuilder

findInitializationErrors, getAllFields, getField, getInitializationErrorString, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof

Methods inherited from interface com.google.protobuf.MessageLite.Builder

mergeFrom

Method Detail

getDescriptor

public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

internalGetFieldAccessorTable

protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()

Specified by:

internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

clear

public GenerateIdentityBindingAccessTokenRequest.Builder clear()

Specified by:

clear in interface com.google.protobuf.Message.Builder

Specified by:

clear in interface com.google.protobuf.MessageLite.Builder

Overrides:

clear in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

getDescriptorForType

public com.google.protobuf.Descriptors.Descriptor getDescriptorForType()

Specified by:

getDescriptorForType in interface com.google.protobuf.Message.Builder

Specified by:

getDescriptorForType in interface com.google.protobuf.MessageOrBuilder

Overrides:

getDescriptorForType in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

getDefaultInstanceForType

public GenerateIdentityBindingAccessTokenRequest getDefaultInstanceForType()

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder

Specified by:

getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder

build

public GenerateIdentityBindingAccessTokenRequest build()

Specified by:

build in interface com.google.protobuf.Message.Builder

Specified by:

build in interface com.google.protobuf.MessageLite.Builder

buildPartial

public GenerateIdentityBindingAccessTokenRequest buildPartial()

Specified by:

buildPartial in interface com.google.protobuf.Message.Builder

Specified by:

buildPartial in interface com.google.protobuf.MessageLite.Builder

clone

public GenerateIdentityBindingAccessTokenRequest.Builder clone()

Specified by:

clone in interface com.google.protobuf.Message.Builder

Specified by:

clone in interface com.google.protobuf.MessageLite.Builder

Overrides:

clone in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

setField

public GenerateIdentityBindingAccessTokenRequest.Builder setField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                                  Object value)

Specified by:

setField in interface com.google.protobuf.Message.Builder

Overrides:

setField in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

clearField

public GenerateIdentityBindingAccessTokenRequest.Builder clearField(com.google.protobuf.Descriptors.FieldDescriptor field)

Specified by:

clearField in interface com.google.protobuf.Message.Builder

Overrides:

clearField in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

clearOneof

public GenerateIdentityBindingAccessTokenRequest.Builder clearOneof(com.google.protobuf.Descriptors.OneofDescriptor oneof)

Specified by:

clearOneof in interface com.google.protobuf.Message.Builder

Overrides:

clearOneof in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

setRepeatedField

public GenerateIdentityBindingAccessTokenRequest.Builder setRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                                          int index,
                                                                          Object value)

Specified by:

setRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

setRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

addRepeatedField

public GenerateIdentityBindingAccessTokenRequest.Builder addRepeatedField(com.google.protobuf.Descriptors.FieldDescriptor field,
                                                                          Object value)

Specified by:

addRepeatedField in interface com.google.protobuf.Message.Builder

Overrides:

addRepeatedField in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

mergeFrom

public GenerateIdentityBindingAccessTokenRequest.Builder mergeFrom(com.google.protobuf.Message other)

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

mergeFrom

public GenerateIdentityBindingAccessTokenRequest.Builder mergeFrom(GenerateIdentityBindingAccessTokenRequest other)

isInitialized

public final boolean isInitialized()

Specified by:

isInitialized in interface com.google.protobuf.MessageLiteOrBuilder

Overrides:

isInitialized in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

mergeFrom

public GenerateIdentityBindingAccessTokenRequest.Builder mergeFrom(com.google.protobuf.CodedInputStream input,
                                                                   com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                                                            throws IOException

Specified by:

mergeFrom in interface com.google.protobuf.Message.Builder

Specified by:

mergeFrom in interface com.google.protobuf.MessageLite.Builder

Overrides:

mergeFrom in class com.google.protobuf.AbstractMessage.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

Throws:

IOException

getName

public String getName()

 The resource name of the service account for which the credentials
 are requested, in the following format:
 `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
 

string name = 1;

Specified by:

getName in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

getNameBytes

public com.google.protobuf.ByteString getNameBytes()

 The resource name of the service account for which the credentials
 are requested, in the following format:
 `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
 

string name = 1;

Specified by:

getNameBytes in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

setName

public GenerateIdentityBindingAccessTokenRequest.Builder setName(String value)

 The resource name of the service account for which the credentials
 are requested, in the following format:
 `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
 

string name = 1;

clearName

public GenerateIdentityBindingAccessTokenRequest.Builder clearName()

 The resource name of the service account for which the credentials
 are requested, in the following format:
 `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
 

string name = 1;

setNameBytes

public GenerateIdentityBindingAccessTokenRequest.Builder setNameBytes(com.google.protobuf.ByteString value)

 The resource name of the service account for which the credentials
 are requested, in the following format:
 `projects/-/serviceAccounts/{ACCOUNT_EMAIL_OR_UNIQUEID}`.
 

string name = 1;

getScopeList

public com.google.protobuf.ProtocolStringList getScopeList()

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

Specified by:

getScopeList in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

getScopeCount

public int getScopeCount()

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

Specified by:

getScopeCount in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

getScope

public String getScope(int index)

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

Specified by:

getScope in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

getScopeBytes

public com.google.protobuf.ByteString getScopeBytes(int index)

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

Specified by:

getScopeBytes in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

setScope

public GenerateIdentityBindingAccessTokenRequest.Builder setScope(int index,
                                                                  String value)

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

addScope

public GenerateIdentityBindingAccessTokenRequest.Builder addScope(String value)

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

addAllScope

public GenerateIdentityBindingAccessTokenRequest.Builder addAllScope(Iterable<String> values)

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

clearScope

public GenerateIdentityBindingAccessTokenRequest.Builder clearScope()

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

addScopeBytes

public GenerateIdentityBindingAccessTokenRequest.Builder addScopeBytes(com.google.protobuf.ByteString value)

 Code to identify the scopes to be included in the OAuth 2.0 access token.
 See https://developers.google.com/identity/protocols/googlescopes for more
 information.
 At least one value required.
 

repeated string scope = 2;

getJwt

public String getJwt()

 Required. Input token.
 Must be in JWT format according to
 RFC7523 (https://tools.ietf.org/html/rfc7523)
 and must have 'kid' field in the header.
 Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
 Mandatory payload fields (along the lines of RFC 7523, section 3):
 - iss: issuer of the token. Must provide a discovery document at
        $iss/.well-known/openid-configuration . The document needs to be
        formatted according to section 4.2 of the OpenID Connect Discovery
        1.0 specification.
 - iat: Issue time in seconds since epoch. Must be in the past.
 - exp: Expiration time in seconds since epoch. Must be less than 48 hours
        after iat. We recommend to create tokens that last shorter than 6
        hours to improve security unless business reasons mandate longer
        expiration times. Shorter token lifetimes are generally more secure
        since tokens that have been exfiltrated by attackers can be used for
        a shorter time. you can configure the maximum lifetime of the
        incoming token in the configuration of the mapper.
        The resulting Google token will expire within an hour or at "exp",
        whichever is earlier.
 - sub: JWT subject, identity asserted in the JWT.
 - aud: Configured in the mapper policy. By default the service account
        email.
 Claims from the incoming token can be transferred into the output token
 accoding to the mapper configuration. The outgoing claim size is limited.
 Outgoing claims size must be less than 4kB serialized as JSON without
 whitespace.
 Example header:
 {
   "alg": "RS256",
   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
 }
 Example payload:
 {
   "iss": "https://accounts.google.com",
   "iat": 1517963104,
   "exp": 1517966704,
   "aud": "https://iamcredentials.googleapis.com/",
   "sub": "113475438248934895348",
   "my_claims": {
     "additional_claim": "value"
   }
 }
 

string jwt = 3;

Specified by:

getJwt in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

getJwtBytes

public com.google.protobuf.ByteString getJwtBytes()

 Required. Input token.
 Must be in JWT format according to
 RFC7523 (https://tools.ietf.org/html/rfc7523)
 and must have 'kid' field in the header.
 Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
 Mandatory payload fields (along the lines of RFC 7523, section 3):
 - iss: issuer of the token. Must provide a discovery document at
        $iss/.well-known/openid-configuration . The document needs to be
        formatted according to section 4.2 of the OpenID Connect Discovery
        1.0 specification.
 - iat: Issue time in seconds since epoch. Must be in the past.
 - exp: Expiration time in seconds since epoch. Must be less than 48 hours
        after iat. We recommend to create tokens that last shorter than 6
        hours to improve security unless business reasons mandate longer
        expiration times. Shorter token lifetimes are generally more secure
        since tokens that have been exfiltrated by attackers can be used for
        a shorter time. you can configure the maximum lifetime of the
        incoming token in the configuration of the mapper.
        The resulting Google token will expire within an hour or at "exp",
        whichever is earlier.
 - sub: JWT subject, identity asserted in the JWT.
 - aud: Configured in the mapper policy. By default the service account
        email.
 Claims from the incoming token can be transferred into the output token
 accoding to the mapper configuration. The outgoing claim size is limited.
 Outgoing claims size must be less than 4kB serialized as JSON without
 whitespace.
 Example header:
 {
   "alg": "RS256",
   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
 }
 Example payload:
 {
   "iss": "https://accounts.google.com",
   "iat": 1517963104,
   "exp": 1517966704,
   "aud": "https://iamcredentials.googleapis.com/",
   "sub": "113475438248934895348",
   "my_claims": {
     "additional_claim": "value"
   }
 }
 

string jwt = 3;

Specified by:

getJwtBytes in interface GenerateIdentityBindingAccessTokenRequestOrBuilder

setJwt

public GenerateIdentityBindingAccessTokenRequest.Builder setJwt(String value)

 Required. Input token.
 Must be in JWT format according to
 RFC7523 (https://tools.ietf.org/html/rfc7523)
 and must have 'kid' field in the header.
 Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
 Mandatory payload fields (along the lines of RFC 7523, section 3):
 - iss: issuer of the token. Must provide a discovery document at
        $iss/.well-known/openid-configuration . The document needs to be
        formatted according to section 4.2 of the OpenID Connect Discovery
        1.0 specification.
 - iat: Issue time in seconds since epoch. Must be in the past.
 - exp: Expiration time in seconds since epoch. Must be less than 48 hours
        after iat. We recommend to create tokens that last shorter than 6
        hours to improve security unless business reasons mandate longer
        expiration times. Shorter token lifetimes are generally more secure
        since tokens that have been exfiltrated by attackers can be used for
        a shorter time. you can configure the maximum lifetime of the
        incoming token in the configuration of the mapper.
        The resulting Google token will expire within an hour or at "exp",
        whichever is earlier.
 - sub: JWT subject, identity asserted in the JWT.
 - aud: Configured in the mapper policy. By default the service account
        email.
 Claims from the incoming token can be transferred into the output token
 accoding to the mapper configuration. The outgoing claim size is limited.
 Outgoing claims size must be less than 4kB serialized as JSON without
 whitespace.
 Example header:
 {
   "alg": "RS256",
   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
 }
 Example payload:
 {
   "iss": "https://accounts.google.com",
   "iat": 1517963104,
   "exp": 1517966704,
   "aud": "https://iamcredentials.googleapis.com/",
   "sub": "113475438248934895348",
   "my_claims": {
     "additional_claim": "value"
   }
 }
 

string jwt = 3;

clearJwt

public GenerateIdentityBindingAccessTokenRequest.Builder clearJwt()

 Required. Input token.
 Must be in JWT format according to
 RFC7523 (https://tools.ietf.org/html/rfc7523)
 and must have 'kid' field in the header.
 Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
 Mandatory payload fields (along the lines of RFC 7523, section 3):
 - iss: issuer of the token. Must provide a discovery document at
        $iss/.well-known/openid-configuration . The document needs to be
        formatted according to section 4.2 of the OpenID Connect Discovery
        1.0 specification.
 - iat: Issue time in seconds since epoch. Must be in the past.
 - exp: Expiration time in seconds since epoch. Must be less than 48 hours
        after iat. We recommend to create tokens that last shorter than 6
        hours to improve security unless business reasons mandate longer
        expiration times. Shorter token lifetimes are generally more secure
        since tokens that have been exfiltrated by attackers can be used for
        a shorter time. you can configure the maximum lifetime of the
        incoming token in the configuration of the mapper.
        The resulting Google token will expire within an hour or at "exp",
        whichever is earlier.
 - sub: JWT subject, identity asserted in the JWT.
 - aud: Configured in the mapper policy. By default the service account
        email.
 Claims from the incoming token can be transferred into the output token
 accoding to the mapper configuration. The outgoing claim size is limited.
 Outgoing claims size must be less than 4kB serialized as JSON without
 whitespace.
 Example header:
 {
   "alg": "RS256",
   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
 }
 Example payload:
 {
   "iss": "https://accounts.google.com",
   "iat": 1517963104,
   "exp": 1517966704,
   "aud": "https://iamcredentials.googleapis.com/",
   "sub": "113475438248934895348",
   "my_claims": {
     "additional_claim": "value"
   }
 }
 

string jwt = 3;

setJwtBytes

public GenerateIdentityBindingAccessTokenRequest.Builder setJwtBytes(com.google.protobuf.ByteString value)

 Required. Input token.
 Must be in JWT format according to
 RFC7523 (https://tools.ietf.org/html/rfc7523)
 and must have 'kid' field in the header.
 Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
 Mandatory payload fields (along the lines of RFC 7523, section 3):
 - iss: issuer of the token. Must provide a discovery document at
        $iss/.well-known/openid-configuration . The document needs to be
        formatted according to section 4.2 of the OpenID Connect Discovery
        1.0 specification.
 - iat: Issue time in seconds since epoch. Must be in the past.
 - exp: Expiration time in seconds since epoch. Must be less than 48 hours
        after iat. We recommend to create tokens that last shorter than 6
        hours to improve security unless business reasons mandate longer
        expiration times. Shorter token lifetimes are generally more secure
        since tokens that have been exfiltrated by attackers can be used for
        a shorter time. you can configure the maximum lifetime of the
        incoming token in the configuration of the mapper.
        The resulting Google token will expire within an hour or at "exp",
        whichever is earlier.
 - sub: JWT subject, identity asserted in the JWT.
 - aud: Configured in the mapper policy. By default the service account
        email.
 Claims from the incoming token can be transferred into the output token
 accoding to the mapper configuration. The outgoing claim size is limited.
 Outgoing claims size must be less than 4kB serialized as JSON without
 whitespace.
 Example header:
 {
   "alg": "RS256",
   "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
 }
 Example payload:
 {
   "iss": "https://accounts.google.com",
   "iat": 1517963104,
   "exp": 1517966704,
   "aud": "https://iamcredentials.googleapis.com/",
   "sub": "113475438248934895348",
   "my_claims": {
     "additional_claim": "value"
   }
 }
 

string jwt = 3;

setUnknownFields

public final GenerateIdentityBindingAccessTokenRequest.Builder setUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

setUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

setUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>

mergeUnknownFields

public final GenerateIdentityBindingAccessTokenRequest.Builder mergeUnknownFields(com.google.protobuf.UnknownFieldSet unknownFields)

Specified by:

mergeUnknownFields in interface com.google.protobuf.Message.Builder

Overrides:

mergeUnknownFields in class com.google.protobuf.GeneratedMessageV3.Builder<GenerateIdentityBindingAccessTokenRequest.Builder>